A recent study conducted by the California based endpoint security and systems management company Tanium suggests enterprises have struggled with security during the pandemic and have experienced an increase in cyberattacks.
Tanium commissioned a Censuswide survey of 1,000 CXOs and vice presents at enterprise and government organizations in the United States, United Kingdom, France and Germany in June 2020 to explore how they coped with security during the transition to remote working.
90% of respondents said they experienced an increase in cyberattacks during the pandemic. When asked how well prepared they were for a move to a fully remote workforce, 85% of respondents said they felt ready to make that change. The reality proved to be different, as 98% of respondents said they experienced security challenges within two months of the switch.
The reported challenges were varied, with the most common complaints being identifying new personal computer devices that connected to the network (27%), overwhelmed VPNs (22%), and the security risks posed by the use of video conferencing platforms (20%). The switch to remote working also proved labor intensive, with 93% of respondents saying they had to delay important security projects in order to manage the transition to a fully remote workforce. The main security projects to experience disruption were identity and asset management (39%) and security strategy (39%).
One area in particular stood out as being problematic: patching. When workers are office based, many companies struggle to keep on top of patching, but the struggle was more severe with so many remote workers using personal devices for work purposes. 43% of respondents said they found patching difficult with a remote workforce, with 26% of respondents saying they side-lined patching as a result of the difficulties, even though Microsoft released 100+ patches a month across its product range for several successive Patch Tuesdays.
The disruption caused to businesses was not missed by cybercriminals, who leapt at the new opportunities given to them by the pandemic. The rush to remote working allowed security vulnerabilities to be introduced that were readily exploited, with the most common security issues being data exposure (38%), business email and transaction fraud (37%), and phishing (35%).
The pandemic continues to cause problems for enterprises, but once it ends there is a common help view that remote working is likely to continue at higher levels than before the pandemic. Enterprises and government agencies are now looking into how they can transition to a more flexible working model. While such a move seems likely to please both workers and employers, there are still many challenges that need to be overcome.
Some of the biggest concerns were ensuring compliance long term with a remote workforce (26%), effectively managing cyber risks (25%), and achieving a balance between cyber risk and employee privacy (19%). 45% of respondents said the risks associated with personal devices were simply too great, and they would be banning them entirely when employees returned to the office.
Moving forward, 70% of respondents said security for remote workers would be the top priority and almost half of respondents said endpoint security was one of the main ways this would be achieved, in order to improve visibility into IT assets and patch management processes.
“Whether companies choose to permanently move their operations remote, return employees to the office, or some combination of both, one thing is clear: the edge is now distributed. IT leaders need to incorporate resilience into their distributed workforce infrastructure. A key part of this is making sure organizations have visibility of computing devices in their IT environment,” said Chris Hodson, Chief Information Security Officer at Tanium.